Virtual switching overlay for cloud computing

ABSTRACT

In one embodiment, a method includes receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machines. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network. Logic and an apparatus are also disclosed.

BACKGROUND

The present disclosure relates generally to communication networks, and more particularly, to cloud computing.

The number of applications and amount of data in enterprise data centers continue to grow. Cloud computing is being proposed as one possibility to meet the increasing demands. Cloud computing enables network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort. Infrastructure as a Service (IaaS) is one area of cloud computing that has attracted a lot of interest. IaaS delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center space, or network equipment, customers instead purchase these resources as an outsourced service. Most IaaS providers do not disclose how their infrastructures are handled internally since they often view this as their competitive advantage. As a result, the enterprise has no visibility into the infrastructure within the cloud and is left with no assurance of security, reliability, or visibility. Even if the provider discloses how their internal operations are implemented, there is still no way for the enterprise to monitor or verify the infrastructure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of a network in which embodiments described herein may be implemented.

FIG. 2 is a diagram illustrating a virtual switch interconnecting an enterprise data center and a virtual private cloud data center in the network of FIG. 1, in accordance with one embodiment.

FIG. 3 is a diagram illustrating implementation of the virtual switch in the network of FIG. 1, in accordance with one embodiment.

FIG. 4 is a diagram illustrating details of the virtual switch located in a virtual machine in the network of FIG. 3, in accordance with one embodiment.

FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment.

FIG. 6 depicts an example of a network device useful in implementing embodiments described herein.

Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.

DESCRIPTION OF EXAMPLE EMBODIMENTS

Overview

In one embodiment, a method generally comprises receiving data at a virtual switch located at a network device in a cloud network. The data is received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network. The method further includes transmitting the data from the virtual switch to the virtual machine. The virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.

In another embodiment, logic is encoded in one or more tangible media for execution and when executed operable to switch data between virtual machines located in a cloud network, forward data to an external network, perform access layer switch operations for the external network, and create a virtual switching overlay for secure communication between the virtual machines and the external network.

Example Embodiments

The following description is presented to enable one of ordinary skill in the art to make and use the embodiments. Descriptions of specific embodiments and applications are provided only as examples and various modifications will be readily apparent to those skilled in the art. The general principles described herein may be applied to other applications without departing from the scope of the embodiments. Thus, the embodiments are not to be limited to the embodiments shown, but are to be accorded the widest scope consistent with the principles and features described herein. For purpose of clarity, features relating to technical material that is known in the technical fields related to the embodiments have not been described in detail.

Cloud computing is a model that provides resources and services that are abstracted from an underlying infrastructure and provided on demand and at scale in a multi-tenant environment. The clouds are typically accessed through web browsers or APIs (Application Programming Interfaces) and offer nearly unlimited capacity on demand, but with limited customer control. One area of cloud computing is Infrastructure as a service (IaaS), in which computing, network, and storage services are delivered over the network on a pay-as-you-go basis. A popular offering within IaaS is the Virtual Private Cloud (VPC). The VPC is hosted on a public cloud; therefore, it is not truly a private cloud. The VPC includes a set of Virtual Machines (VMs) and networks that are connected to the enterprise and appear to be part of the enterprise (i.e., associated with the enterprise network). With conventional implementations of virtual private clouds, there are concerns about security, reliability, and visibility. The network administrator has to extend the enterprise network into an insecure environment and therefore loses visibility into what is happening within the cloud, and control over security and enterprise-class features. Also, there is no consistent interface between all of the various cloud providers. Enterprises desire security, service-level guarantees, and compliance control, but with virtual private clouds, the service providers are in control of these requisite capabilities. These drawbacks prevent many enterprises from adopting cloud computing.

The embodiments described herein address the above needs within the cloud computing environment. The embodiments provide a virtual switching overlay on top of the cloud infrastructure. This allows the network administrator to regain control of the network access layer within the virtual private cloud and provides full visibility into the cloud, secure communication within the cloud and from the cloud to the enterprise, and an interface to the cloud network that is independent of the service provider.

Referring now to the drawings, and first to FIG. 1, an example of a network 10 that may implement embodiments described herein is shown. The embodiments operate in the context of a data communication network including multiple network elements. Some of the elements in a network that employs the system may be network devices such as servers, switches, routers, or gateways. The network device may include, for example, a master central processing unit (CPU), interfaces, and a bus. The CPU preferably includes memory and a processor. The network device may be implemented on a general purpose network machine such as described below with respect to FIG. 6. It is to be understood that the simplified network shown in FIG. 1 is only one example, and that the embodiments described herein may be employed in networks having different configurations and types of network devices.

The network 10 shown in FIG. 1 includes a customer network (e.g., enterprise network) 12 in communication with a service provider network 14 through a public network (e.g., Internet) 16. The customer network 12 includes a plurality of end users 18 at one or more locations. The service provider 14 includes a cloud network (e.g., virtual private cloud) 20, which is an isolated portion of the service provider network. The VPC 20 may include any number of subnets 25. The subnet 25 is a segment of the VPC's IP address range where the customer can place groups of isolated resources. The service provider network 14 may include any number of virtual private clouds 20 or subnets 25 associated with the customer network 12 or other customer networks. The customers are segmented within the virtual private cloud 20 by the service provider. The customer end users 18 communicate with the VPC 20 over a connection 22 (e.g., Virtual Private Network (VPN) connection) between a customer gateway 24 and VPN gateway 26. The connection 22 passes through the public network 16. The customer 18 may also communicate outside of the VPN connection 22 as shown at communication path 28. The customer network 12 is located outside of the VPC 20 and may be referred to as an external network as viewed from the VPC.

The VPC 20 includes a plurality of servers 40 which utilize virtualization technology. Virtualization allows one computer to do the job of multiple computers by sharing the resources of a single computer across multiple systems. Software is used to virtualize hardware resources of a computer, including, for example, the CPU, RAM, hard disk, and network controller, to create a virtual machine that can run its own operating system and applications. Multiple virtual machines on each server share hardware resources without interfering with each other so that several operating systems and applications can be run at the same time. The virtual machines are deployed within the cloud on demand with the IP addresses of the VMs controlled by the enterprise.

As described in detail below, a virtual switch 34 is located in the VPC 20 to provide a virtual switching overlay 18 on top of the cloud. The virtual switch 34 operates as an access layer switch for the customer so that the customer has control of the cloud network access layer.

FIG. 2 illustrates the virtual switch 34 located in a VPC data center (cloud 20 in FIG. 1) and in communication with a virtual switch 36 located at an enterprise data center (customer network 12 in FIG. 1). The virtual switch 34 provides secure communication within the VPC data center 20 and to the enterprise data center 12. Secure tunnel communication between the virtual switch 34 and the enterprise network 12 may be in the form of L2TPv3 (Layer 2 Tunneling Protocol version 3) over IPsec (Internet Protocol Security) so that the default gateway is in the enterprise network. Layer 3 (L3) VPN communication may also be used between the enterprise 12 and the VPC 20. In this case, the virtual switch 34 operates as a default gateway at the VPC 20. It is to be understood that other protocols may also be used to securely transfer data between the virtual switch 34 and enterprise 12.

The virtual switch 34 transmits data received from the enterprise 12 to virtual machines 30 located within the VPC 20 via encrypted links (virtual secure wires) 48. The VPC data center 20 may also include more than one virtual switch 34 with an encrypted link between the virtual switches. L2TPv3 over IPsec may be used to encrypt packets transmitted between the virtual switch 34 and virtual machines 30. It is to be understood that L2TPv3 over IPsec is only one example and that other protocols may be used to transfer data between the virtual switch 34 and virtual machines 30.

In one embodiment, each virtual machine 30 includes an agent 32. The agent 32 may be a VPN client, for example, or other application loaded in the virtual machine 30 by an enterprise server/application administrator. The agent 32 contains the IP address assigned by the service provider and port profile names. A port profile is used to define a common set of configuration policies (attributes) for multiple interfaces. The port profiles are associated with port configuration policies defined by the network administrator and applied to a large number of ports as they come online in a virtual environment.

The VPN connection 22 may be used to signal VM MAC addresses back to the enterprise 12 to prevent flooding across the VPN connection 22. Since traffic leaving the virtual private cloud 20 is often billed by the provider, stopping floods can reduce costs. The virtual switch 36 at the enterprise may also proxy ARP (Address Resolution Protocol) requests on behalf of the VMs 30 within the VPC 20. As shown in FIG. 2, the enterprise virtual switch 36 also has an unencrypted interface at link 35 which connects to the rest of the enterprise network.
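The following added example (not code from the patent) models the forwarding decision at the enterprise virtual switch 36 with and without MAC signaling, and counts the bytes that cross the VPN connection 22. The class name, the MAC and IP values, the frame sizes, and the rule that an unsignaled destination is treated as not being in the VPC are assumptions made for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class EnterpriseVSwitch:
    """Toy model of the enterprise-side virtual switch (36 in the text)."""
    use_signaling: bool = True
    cloud_macs: dict = field(default_factory=dict)  # VM MAC -> VM IP, from signaling
    local_macs: set = field(default_factory=set)    # MACs learned on the enterprise LAN
    vpn_bytes: int = 0                              # bytes sent over the billed VPN link

    def signal_vm(self, mac, ip):
        """Control-plane message over the VPN: a VM in the VPC is online."""
        self.cloud_macs[mac.lower()] = ip

    def _flood(self, size):
        # Assumption: with signaling, every cloud MAC is already in the table,
        # so an unknown destination cannot be in the VPC and stays on the LAN.
        if self.use_signaling:
            return ("flood-local", None)
        self.vpn_bytes += size
        return ("flood-all", None)

    def handle_local_frame(self, src, dst, size, arp_target_ip=None):
        """Forwarding decision for a frame arriving from the enterprise LAN."""
        src, dst = src.lower(), dst.lower()
        self.local_macs.add(src)
        if arp_target_ip is not None:  # ARP request (broadcast)
            for mac, ip in self.cloud_macs.items():
                if ip == arp_target_ip:
                    # Proxy ARP: answered locally, nothing crosses the VPN.
                    return ("proxy-arp", mac)
            return self._flood(size)
        if dst in self.local_macs:
            return ("local", None)
        if dst in self.cloud_macs:
            self.vpn_bytes += size
            return ("vpn", None)
        return self._flood(size)


# Constructed sample data (not from the patent).
SIGNALED_VMS = [("00:16:3e:00:00:0a", "10.1.0.10"),
                ("00:16:3e:00:00:0b", "10.1.0.11")]
LAN_FRAMES = [
    # (src MAC, dst MAC, size in bytes, ARP target IP or None)
    ("02:aa:00:00:00:01", BROADCAST, 64, "10.1.0.10"),
    ("02:aa:00:00:00:01", "00:16:3e:00:00:0a", 1500, None),
    ("02:aa:00:00:00:01", "02:00:00:00:00:99", 1500, None),
    ("02:bb:00:00:00:02", BROADCAST, 64, "10.0.0.7"),
    ("02:bb:00:00:00:02", "02:aa:00:00:00:01", 200, None),
]


def replay(use_signaling):
    """Run the constructed trace; return (actions, bytes sent over the VPN)."""
    sw = EnterpriseVSwitch(use_signaling=use_signaling)
    if use_signaling:
        for mac, ip in SIGNALED_VMS:
            sw.signal_vm(mac, ip)
    actions = [sw.handle_local_frame(*frame)[0] for frame in LAN_FRAMES]
    return actions, sw.vpn_bytes


if __name__ == "__main__":
    for mode in (True, False):
        actions, vpn_bytes = replay(mode)
        print(f"signaling={mode}: {actions} vpn_bytes={vpn_bytes}")
```

Because the signaled table decides what is allowed to cross the tunnel, the signaling messages themselves need to arrive over the authenticated VPN connection; a forged entry would redirect enterprise traffic.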

FIG. 3 illustrates details of implementation of the virtual switch 34 in the network of FIG. 1, in accordance with one embodiment. The virtual switch 34 is located in one of the virtual machines 30. The servers 40 in the VPC 20 each include one or more virtual machines 30. In the example of FIG. 3, the virtual switch 34 is installed at VM A, which is located along with VM B at a first server. VM C and VM D are located at a second server, and VM E is located at a third server, each server being physically separate from the other servers. The virtual machines 30 may each be moved between servers 40 based on traffic patterns, hardware resources, or other criteria.

The servers 40 are in communication with the network via switches 52, 54 (e.g., hardware implemented network switches or other network devices configured to perform switching or routing functions). The switches 52, 54 may be in communication with a management station 56 (e.g., virtualization management platform such as VMware Virtual Center management station, available from VMware of Palo Alto, Calif.). The management station 56 or one or more management functions may also be integrated into the switches 52, 54.

In the embodiment shown in FIG. 3, the virtual machines 30 communicate with the network via a virtual switch (45, 46), such as NEXUS 1000V, available from Cisco Systems, Inc. of San Jose, Calif. The virtual switch is located in the service provider network 14 and includes components referred to as a Virtual Supervisor Module (VSM) 45 and Virtual Ethernet Module (VEM) 46. The VSM 45 may be located in a physical appliance (e.g., server) in communication with the servers 40 and management station 56 via physical switches 52, 54. The VSM 45 may also be a virtual appliance (e.g., virtual machine) installed at one of the servers 40 or the VSM may be installed at one of the switches 52, 54.

The VSM 45 is configured to provide control/management plane functionality for the virtual machines 30 and control multiple VEMs 46. The VEM 46 provides switching capability at the server 40 and operates as a data plane associated with the control plane of the VSM 45. The VSM 45 and VEM 46 operate together to form a distributed virtual switch as viewed by the management station 56. The VSM 45 and VEM 46 may also be located together in a network device (e.g., switch 52, 54, server 40 or other network device in communication with the switches 52, 54 and servers 40).

It is to be understood that the network shown in FIG. 3 is only one example, and that the virtual switching overlay 18 may be used in different networks having different network components. For example, the virtual switching overlay 18 may run on top of VMware, Xen hypervisor or any other hypervisor or platform virtualization model at the VPC 20. Thus, the virtual switch (VSM 45/VEM 46) is just one example of a virtualization model at the service provider network.

FIG. 4 illustrates one example of the virtual switch 34 installed at VM A in FIG. 3. The virtual switch 34 switches traffic between the secure virtual wires 48 connecting the virtual switch to the virtual machines 30. The virtual wires 48 run from the virtual switch 34 to the agent 32 installed in the virtual machines 30 (FIGS. 2 and 4). In one embodiment, the virtual switch 34 includes a Virtual Supervisor Module (VSM) 58 and Virtual Ethernet Module (VEM) 60. As described above with respect to the service provider network in FIG. 3, the VSM 58 provides control plane functionality and the VEM 60 operates as a datapath associated with the control plane of the VSM. The VEM 60 supports a plurality (e.g., hundreds or thousands (or fewer or more)) of virtual Ethernet interfaces which communicate with the VMs 30. The virtual wire 48 establishes a secure tunnel using L2 over IPSec (or other protocol) to the VSM IP address at the virtual switch 34. For example, the virtual switch 34 may encapsulate packets with an L2TPv3 header before transmitting the packets over the wire 48.

The virtual switch 34 allows the enterprise to gain control of the cloud network access layer. All traffic entering or leaving the cloud (e.g., VPC 20 or subnet 25 in VPC) associated with the enterprise passes through the virtual switch 34. An administrator at the enterprise can access the virtual switch 34 and view the virtual Ethernet ports (interfaces), configure ACLs (Access Control Lists), manage port profiles, and perform other management functions typically performed at the access layer.

The VPC 20 may include multiple virtual switches 34 connected to a central management plane. The central management plane is assigned an elastic IP address and spawns off virtual switches 34 as virtual Ethernet interfaces are created and limits at the virtual switch are reached. The port profiles may be configured in the central management plane with the virtual switches 34 pulling port profiles on demand when the associated virtual Ethernet interfaces connect to the virtual switch. The virtual switches 34 preferably create a full mesh of VPN tunnels to form a single logical switch to prevent loops and eliminate the need for spanning tree.
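The following added example (not code from the patent) sketches the access-layer behaviour described in the preceding paragraphs: an agent presents its provider-assigned IP and a port profile name, the virtual switch pulls the profile on demand and enforces its ACL, and the central management plane spawns a further switch when the interface limit is reached. All class names, the ACL format, the fail-closed handling of unknown profiles, and the sample profiles and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PortProfile:
    name: str
    vlan: int
    permit: tuple  # ACL entries (dst_cidr, dst_port); everything else is denied


class VirtualSwitch:
    def __init__(self, name, plane):
        self.name, self.plane = name, plane
        self.cache = {}   # profile name -> PortProfile, filled on demand
        self.veths = {}   # provider-assigned VM IP -> PortProfile

    def full(self):
        return len(self.veths) >= self.plane.veth_limit

    def connect(self, vm_ip, profile_name):
        """Agent presents its provider-assigned IP and a port profile name."""
        profile = self.cache.get(profile_name) or self.plane.pull_profile(profile_name)
        if profile is None:
            # Fail closed: no known profile means no virtual Ethernet port.
            raise PermissionError(f"unknown port profile {profile_name!r}")
        self.cache[profile_name] = profile
        self.veths[vm_ip] = profile

    def permits(self, src_vm_ip, dst_ip, dst_port):
        """ACL check for traffic from an attached VM; default deny."""
        profile = self.veths.get(src_vm_ip)
        if profile is None:
            return False
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in ipaddress.ip_network(cidr) and dst_port == port
                   for cidr, port in profile.permit)


class ManagementPlane:
    def __init__(self, profiles, veth_limit):
        self.profiles = {p.name: p for p in profiles}
        self.veth_limit = veth_limit
        self.switches = []
        self.pulls = 0  # number of on-demand profile pulls served

    def pull_profile(self, name):
        self.pulls += 1
        return self.profiles.get(name)

    def attach(self, vm_ip, profile_name):
        """Place a new vEth on a switch with room; spawn a switch at the limit."""
        switch = next((s for s in self.switches if not s.full()), None)
        spawned = switch is None
        if spawned:
            switch = VirtualSwitch(f"vsw-{len(self.switches) + 1}", self)
        switch.connect(vm_ip, profile_name)  # raises if the profile is unknown
        if spawned:
            self.switches.append(switch)
        return switch


def demo():
    # Constructed profiles and addresses, not taken from the patent.
    plane = ManagementPlane(
        [PortProfile("web", 10, (("10.0.5.0/24", 5432),)),
         PortProfile("db", 20, ())],
        veth_limit=2,
    )
    placed = [plane.attach(ip, prof).name for ip, prof in
              [("172.31.0.11", "web"), ("172.31.0.12", "web"), ("172.31.0.13", "db")]]
    try:
        plane.attach("172.31.0.14", "debug")
        rejected = False
    except PermissionError:
        rejected = True
    vsw1, vsw2 = plane.switches
    return {
        "placed": placed,
        "rejected": rejected,
        "pulls": plane.pulls,
        "web_to_db_5432": vsw1.permits("172.31.0.11", "10.0.5.20", 5432),
        "web_to_db_22": vsw1.permits("172.31.0.11", "10.0.5.20", 22),
        "db_outbound": vsw2.permits("172.31.0.13", "10.0.5.20", 5432),
        "unattached": vsw2.permits("172.31.0.14", "10.0.5.20", 5432),
    }


if __name__ == "__main__":
    print(demo())
```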

FIG. 5 is a flowchart illustrating an overview of a process for implementing a virtual switching overlay for cloud computing, in accordance with one embodiment. At step 61, the virtual switching overlay 18 is created by installing the virtual switch 34 at a network device (e.g., server 40) in the cloud network 20. The virtual switch 34 operates as an access layer switch for an external network (e.g., customer network 12 located outside of the cloud network) and creates the virtual switching overlay 18 for secure communication between the virtual machines 30 and the external network 12. The virtual switch 34 receives data from the external network at step 62. The received data is destined for one or more of the virtual machines 30 located within the cloud network 20 and associated with the external network 12. The virtual switch 34 transmits the data to the virtual machine 30 over virtual wire 48 (step 64). The data may be, for example, a packet or frame containing a request for data stored at one of the servers 40 or an update to data stored at one or more of the servers.

FIG. 6 depicts a network device 70 that may be used to implement embodiments described herein. The network device 70 may be, for example, the server 40 containing the virtual switch 34. Network device 70 is configured to implement all of the network protocols and extensions thereof described herein. In one embodiment, network device 70 is a programmable machine that may be implemented in hardware, software, or any combination thereof. Logic may be encoded in one or more tangible media for execution by a processor 72. For example, processor 72 may execute codes stored in a program memory 74. Program memory 74 is one example of a computer-readable medium. Program memory 74 can be a volatile memory. Another form of computer-readable medium storing the same codes is a type of non-volatile storage such as floppy disks, CD-ROMs, DVD-ROMs, hard disks, flash memory, etc. The processor 72 includes means for transmitting, receiving, and encapsulating data and signaling addresses.

Network device 70 interfaces with physical media via a plurality of linecards (network interfaces) 76. Linecards 76 may incorporate Ethernet interfaces, DSL interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, SONET interfaces, etc. As packets are received, processed, and forwarded by network device 70, they may be stored in a packet memory 78. To implement functionality according to the system, linecards 76 may incorporate processing and memory resources similar to those discussed above in connection with the network device as a whole. It is to be understood that the network device 70 shown in FIG. 6 and described above is only one example and that different configurations of network devices may be used.

Although the method and apparatus have been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations made without departing from the scope of the embodiments. Accordingly, it is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.

What is claimed is:
 1. A method comprising: receiving data at a virtual switch located at a network device in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and transmitting said data from the virtual switch to said one or more virtual machines; wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
 2. The method of claim 1 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
 3. The method of claim 1 wherein transmitting said data comprises encapsulating said data for transmittal over a layer 3 network.
 4. The method of claim 1 wherein transmitting said data comprises transmitting said data over a virtual wire to an agent installed at one of the virtual machines.
 5. The method of claim 1 wherein said data is received over a virtual private network connection between the cloud network and the external network.
 6. The method of claim 1 wherein transmitting said data comprises utilizing a layer 2 tunneling protocol over a secure Internet protocol.
 7. The method of claim 1 further comprising securely transmitting data received from one of the virtual machines to a virtual switch in the external network.
 8. The method of claim 1 further comprising signaling MAC addresses of the virtual machines to the external network.
 9. Logic encoded in one or more tangible non-transitory media for execution and when executed operable to: switch data between virtual machines located in a cloud network; forward data to an external network; perform access layer switch operations for the external network; and create a virtual switching overlay for secure communication of said data between the virtual machines and the external network.
 10. The logic of claim 9 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
 11. The logic of claim 9 wherein the logic is further operable to encapsulate said data for transmittal over a layer 3 network.
 12. The logic of claim 9 wherein said data is forwarded to the external network over a virtual private network connection between the cloud network and the external network.
 13. The logic of claim 9 wherein said data is forwarded utilizing a layer 2 tunneling protocol over a secure Internet protocol.
 14. The logic of claim 9 wherein the logic is further operable to signal MAC addresses of the virtual machines to the external network.
 15. An apparatus comprising means for receiving data at a virtual switch in a cloud network, said data received from an external network and destined for one or more virtual machines located in the cloud network and associated with the external network; and means for transmitting said data from the virtual switch to said one or more virtual machines; wherein the virtual switch operates as an access layer switch for the external network and creates a virtual switching overlay for secure communication between the virtual machines and the external network.
 16. The apparatus of claim 15 wherein the external network is an enterprise network and the cloud network is a virtual private cloud in a service provider network.
 17. The apparatus of claim 15 wherein means for transmitting said data comprises means for encapsulating said data for transmittal over a layer 3 network.
 18. The apparatus of claim 15 wherein means for transmitting said data comprises means for transmitting said data over a virtual wire to an agent installed at the virtual machine.
 19. The apparatus of claim 15 wherein said data is received over a virtual private network connection between the cloud network and the external network.
 20. The apparatus of claim 15 further comprising means for signaling MAC addresses of the virtual machines to the external network.
 21. The method of claim 1, wherein data transmitted between the virtual switch and the external network is transmitted via secure tunnel communication.
 22. The method of claim 1, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
 23. The method of claim 22, wherein the one or more virtual machines and the external network are part of a single overlay network.
 24. The method of claim 1, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
 25. The method of claim 1, wherein the virtual switch is located in one of the one or more virtual machines located in the cloud network.
 26. The method of claim 1, further comprising creating an additional virtual switch in response to a limit of the virtual switch being reached.
 27. The method of claim 1, further comprising associating one or more agents with said one or more virtual machines.
 28. The method of claim 27, wherein transmitting said data comprises transmitting said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
 29. The method of claim 1, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
 30. The method of claim 1, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
 31. The method of claim 1, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
 32. The method of claim 1, wherein the virtual switch is connected to a central management station.
 33. The method of claim 32, further comprising: accessing and performing management functions on the virtual switch.
 34. The method of claim 1, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.
 35. The logic of claim 9, wherein data forwarded to the external network is transmitted via secure tunnel communication.
 36. The logic of claim 9, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
 37. The logic of claim 9, wherein each of the virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
 38. The apparatus of claim 15, wherein data transmitted between the virtual switch from the external network is transmitted via secure tunnel communication.
 39. The apparatus of claim 38, wherein data transmitted between the virtual switch and the one or more virtual machines is encapsulated.
 40. The apparatus of claim 39, wherein the one or more virtual machines and the external network are part of a single overlay network.
 41. The apparatus of claim 15, wherein the cloud network is in a first datacenter and the external network is in a second datacenter.
 42. The apparatus of claim 15, wherein the virtual switch is located in a virtual machine located in the cloud network.
 43. The apparatus of claim 15, wherein an additional virtual switch is created in response to a limit of the virtual switch being reached.
 44. The apparatus of claim 15, wherein one or more agents are associated with said one or more virtual machines.
 45. The apparatus of claim 44, wherein the means for transmitting said data causes transmission of said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
 46. The apparatus of claim 15, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the cloud network.
 47. The apparatus of claim 15, wherein the virtual switch comprises a virtual supervisor module that provides control plane functionality.
 48. The apparatus of claim 15, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
 49. The apparatus of claim 15, wherein the virtual switch is connected to a central management station.
 50. The apparatus of claim 49, wherein the virtual switch is configured to enable access by an administrator to perform management functions on the virtual switch.
 51. A system comprising: a first data center associated with an enterprise; and a second data center that includes a virtual switch and one or more virtual machines in a cloud network associated with the enterprise; wherein the virtual switch is configured to: receive data from the first data center and destined for the one or more virtual machines; and operate as an access layer switch for the first data center and create a virtual switching overlay for secure communication between the one or more virtual machines and the first data center by encapsulating said data for transmission to said one or more virtual machines.
 52. The system of claim 51, wherein data transmitted between the virtual switch and the first data center is transmitted via secure tunnel communication.
 53. The system of claim 51, wherein the one or more virtual machines and the first data center are part of a single overlay network.
 54. The system of claim 51, wherein the virtual switch is located in one of the one or more virtual machines located in the second data center.
 55. The system of claim 51, further comprising an additional virtual switch that is created in response to a limit of the virtual switch being reached.
 56. The system of claim 51, further comprising one or more agents associated with the one or more virtual machines.
 57. The system of claim 56, wherein the virtual switch is configured to transmit said data over a secure connection to one of the one or more agents associated with one of said one or more virtual machines.
 58. The system of claim 51, wherein each of the one or more virtual machines has a set of policies and/or attributes that are applied as the virtual machine comes online in the second data center.
 59. The system of claim 51, wherein the virtual switch further comprises a virtual supervisor module that provides control plane functionality.
 60. The system of claim 51, wherein the virtual switch comprises a virtual Ethernet module that operates as a data plane.
 61. The system of claim 51, further comprising a central management station that is in communication with the virtual switch.
 62. The system of claim 61, wherein the central management station is configured to access and perform management functions on the virtual switch.
 63. The system of claim 51, wherein the virtual switch comprises a virtual supervisor module and a virtual Ethernet module.